Nuclear Plants Leak Critical Alerts in Unencrypted Pager Messages

A fairly large number of critical infrastructure organizations have been found relying on unsecured pagers for communication between employees, which security experts believe could potentially expose them to hack and espionage.

In a report by Trend Micro, a L.A.-based security software company, researchers said: “Our research on unencrypted pager messages led us to discover which sectors are still using pager technologies in this age of smartphones and the internet. We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defence contractors, semiconductor and commercial manufacturers, and HVAC.”

According to the study, employees at nuclear plants, chemical and electricity plants, chip makers and others still use unsecured wireless pagers, in part, to communicate about various industrial control systems.

The report warns that it “also saw personal information being transmitted in the clear, such as email addresses, project codes, and employee names. Any motivated attacker can craft extremely effective social engineering attacks using these information. Thus any organization is at risk of suffering the repercussions of successful targeted attacks, which could mean anything from industrial espionage, loss of customer loyalty and trust to fatal real-world sabotage of public service systems, as in terrorism.”